1. Field of the Invention
The present invention relates to a technology for detecting falsification of content on a web site published in an Internet environment, for example.
2. Description of the Related Art
Up to now, known methods for detecting falsification of a computer file include a technology using a message digest. According to this technology, a program mounted with a message digest algorithm generates a message digest (hash code) of the file to be searched to detect the falsification, and this is saved. Then, generally, after a given duration of time has elapsed, in order to detect whether the file has been falsified or not, another message digest of the file is generated and this is compared with the saved message digest.
Then, as a result of the comparison, if the two message digests match, it is determined that the file has not been altered and has not been falsified. Further, in the case where the two message digests do not match, it is determined that the file has been altered.
However, the conventional falsification detection system was not able to judge whether the alteration was an appropriate alteration or an inappropriate alteration (falsification). In other words, the conventional falsification detection system was, more accurately, an alteration detection system. Therefore, after the alteration was detected, it was necessary for a user to investigate the alteration and to judge whether the alteration was a falsification or not.
FIG. 1 is a block diagram showing a configuration of the conventional falsification detection system. The falsification detection system shown in the diagram includes the subject content to the falsification detection, and an MD DB (message digest database) storing a message digest generated at a given time.
The falsification detection in the system is performed according to the following three steps:    1. The message digest is prepared from the subject content to be stored in the MD DB.    2. The message digest from the subject content is compared with the message digest in the MD DB and an alteration in the subject content is detected.    3. The result produced by the alteration detection is confirmed by a human and judged as to whether it is an inappropriate alteration or an appropriate alteration.
Known examples of the system described above include Tripwire by Tripwire, Inc. (http://www.tripwire.com), Intact by Pedestal Software, Inc. (http://www.pedestalsoftware.com), and Dragon Squire by Enterasys Networks, Inc. (http://www.enterasys.com).
However, in the conventional technology described above, the results of the falsification detection are produced without distinguishing between appropriate and inappropriate alterations. As a result, the following problems occur:    (1) The investigation must be made in order to distinguish the appropriate alteration from the inappropriate alteration in the results produced by the falsification detection.    (2) The appropriate alteration is detected as the falsification.    (3) Since many appropriate alterations are reported among the falsification detection results, the inappropriate alteration that is actually supposed to be detected is easy to be overlooked.